Bug 404991 (CVE-2012-1190) - <dev-db/phpmyadmin-3.5.2.2: XSS in replication setup (CVE-2012-1190)
Status: RESOLVED FIXED
Alias: CVE-2012-1190
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B4 [noglsa]
Depends on: 432340
Reported: 2012-02-20 09:43 UTC by Agostino Sarubbo
Modified: 2012-09-27 19:07 UTC
Description Agostino Sarubbo gentoo-dev 2012-02-20 09:43:36 UTC
From upstream advisory at $URL:

Description:
It was possible to conduct XSS using a crafted database name.
The victim would have to willingly click on a database name which clearly shows a possible XSS.


Severity:
We consider this vulnerability to be non critical.


Affected Versions:
Versions 3.4.x are affected.


Solution:
Upgrade to phpMyAdmin 3.4.10.1 or newer or apply patch listed below.


Patches:
Following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/86073d532aed656550cb731aa5b4288b126ae7a6
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-27 19:07:42 UTC
Closing noglsa for XSS only.